Vulnerability Note VU#408419

OpenSSH contains a one-off overflow of an array in the channel handling code

Overview

OpenSSH is a program that provides secure connections and communications between clients and servers. Channels are used to segregate different kinds of traffic between the client and the server.

I. Description

OpenSSH versions 2.0 - 3.0.2 contain a one-off (off-by-one) overflow of an array in the code that handles channels. To attack the server, the attacker must be able to authenticate to the system. To attack the client, the client must connect to a malicious server.
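The class of bug described above, as an added example that is not OpenSSH source code: a peer-supplied channel id is range-checked against the table size with `>` instead of `>=`, so the id equal to the table size is accepted and would index one element past the end. All names here (`CHAN_ALLOC`, `chan_table`, `chan_lookup` and the rest) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

#define CHAN_ALLOC 4   /* hypothetical number of allocated channel slots */

struct channel { int id; int in_use; };

static struct channel chan_storage[CHAN_ALLOC];
static struct channel *chan_table[CHAN_ALLOC];   /* valid indices: 0..CHAN_ALLOC-1 */

/* Flawed range test: '>' accepts id == alloc, one element past the end. */
static int id_in_range_off_by_one(int id, int alloc)
{
    return !(id < 0 || id > alloc);
}

/* Correct range test: '>=' rejects id == alloc. */
static int id_in_range(int id, int alloc)
{
    return !(id < 0 || id >= alloc);
}

/* Register a channel in slot id; returns 0 on success, -1 if id is invalid. */
static int chan_open(int id)
{
    if (!id_in_range(id, CHAN_ALLOC))
        return -1;
    chan_storage[id].id = id;
    chan_storage[id].in_use = 1;
    chan_table[id] = &chan_storage[id];
    return 0;
}

/* Hardened lookup: validate the peer-supplied id before indexing the table. */
static struct channel *chan_lookup(int id)
{
    if (!id_in_range(id, CHAN_ALLOC))
        return NULL;
    return chan_table[id];   /* NULL when the slot was never opened */
}

int main(void)
{
    int ids[] = { -1, 0, CHAN_ALLOC - 1, CHAN_ALLOC, CHAN_ALLOC + 1 };  /* constructed inputs */
    chan_open(0);
    for (size_t i = 0; i < sizeof ids / sizeof ids[0]; i++)
        printf("id=%2d flawed_check=%d correct_check=%d found=%d\n", ids[i],
               id_in_range_off_by_one(ids[i], CHAN_ALLOC),
               id_in_range(ids[i], CHAN_ALLOC), chan_lookup(ids[i]) != NULL);
    return 0;
}
```

The two checks disagree only at the boundary value `id == CHAN_ALLOC`, which is why boundary ids belong in any regression test for index validation.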

II. Impact

An attacker is able to execute arbitrary code with the privileges of the sshd process on the server. The sshd process usually runs as root/superuser. A malicious server is able to execute arbitrary code on the vulnerable client's machine with the privileges of the current user.

III. Solution

Upgrade to OpenSSH version 3.1.

Systems Affected

| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple | Vulnerable | | 11-Mar-2002 |
| BSDI | Vulnerable | | 8-Mar-2002 |
| Caldera | Vulnerable | | 2-Apr-2002 |
| Conectiva | Vulnerable | | 7-Mar-2002 |
| Debian | Not Vulnerable | | 11-Mar-2002 |
| Engarde | Vulnerable | | 7-Mar-2002 |
| F-Secure | Not Vulnerable | | 8-Mar-2002 |
| Fujitsu | Not Vulnerable | | 7-Mar-2002 |
| Hewlett Packard | Vulnerable | | 27-Mar-2002 |
| MandrakeSoft | Vulnerable | | 7-Mar-2002 |
| NETBSD | Vulnerable | | 13-Mar-2002 |
| OpenBSD | Vulnerable | | 7-Mar-2002 |
| OpenPKG | Vulnerable | | 11-Mar-2002 |
| OpenSSH | Vulnerable | | 7-Mar-2002 |
| Openwall GNU/*/Linux | Vulnerable | | 18-Mar-2002 |
| Red Hat | Vulnerable | | 11-Mar-2002 |
| SCO | Vulnerable | | 13-Mar-2002 |
| SGI | Not Vulnerable | | 8-Mar-2002 |
| SSH Communications Security | Not Vulnerable | | 11-Mar-2002 |
| Sun | Vulnerable | | 7-Mar-2002 |
| SuSE | Vulnerable | | 8-Mar-2002 |
| Trustix | Vulnerable | | 11-Mar-2002 |

References


http://www.openbsd.org/advisories/ssh_channelalloc.txt
http://www.pine.nl/advisories/pine-cert-20020301.txt
http://online.securityfocus.com/bid/4241

Credit

This vulnerability was discovered by Joost Pol <joost@pine.nl>.

This document was written by Jason Rafail.

Other Information

Date Public: 2002-03-07
Date First Published: 2002-03-07
Date Last Updated: 2002-04-02
CERT Advisory:
CVE-ID(s): CAN-2002-0083
NVD-ID(s): CAN-2002-0083
US-CERT Technical Alerts:
Metric: 25.65
Document Revision: 7

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2002 Carnegie Mellon University